MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e50d704ac52bb66fc8fae0b4b54a7538800d3b1c2cad69a0210ca9c97978cb04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e50d704ac52bb66fc8fae0b4b54a7538800d3b1c2cad69a0210ca9c97978cb04
SHA3-384 hash: a60f6862e5acf97ef5afc39d4032f72780c1973e23bfe6037a35934f1f7b38a85243da211e28bda16a181d815f9ce139
SHA1 hash: a7311cef83e8ed0e0f29ef04aef581e3deeb9ee7
MD5 hash: dd63cc34192462ccbcdf6182c54756fc
humanhash: uncle-steak-twelve-march
File name:SecuriteInfo.com.W32.AIDetect.malware1.22276.30855
Download: download sample
File size:46'080 bytes
First seen:2022-08-29 10:58:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a05447f0ae48d23baab89cafdbca9a16
ssdeep 768:5lyqDQ/PSuSCrFcNJuKxSGy9e3rUNuUGRLMMJQrds:5g/SuSCuZyk3YNuUGFMMCds
TLSH T1CD23BF19F2408465E5B280B544FB965A1A28FE1B072D28F737D02C5F6F33DC6EE3156A
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4505/5/1)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
8.3% (.EXE) Clipper DOS Executable (2018/12)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
296
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.AIDetect.malware1.22276.30855
Verdict:
Malicious activity
Analysis date:
2022-08-29 11:03:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4b257e69-a0f0-4cea-b59c-f1bf1989ad02

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/302201/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.22276.30855.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Moving of the original file
Enabling autorun by creating a file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/30733/overview
Behaviour
MalwareBazaar
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/630c9c5da7450371f6880b25/reports/96e89661-b11e-4d4e-9ba6-ee56ecfec4a9/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a98de6af-73ea-4621-8a39-af73eaa93619
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1059788
Signature
Found evasive API chain (may stop execution after checking computer name)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e50d704ac52bb66fc8fae0b4b54a7538800d3b1c2cad69a0210ca9c97978cb04/
Threat name:
Win32.Trojan.Bingoml
Create hunting rule
Status:
Malicious
First seen:
2022-08-29 02:03:18 UTC
File Type:
PE (Exe)
Extracted files:
9
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ugxaswffo3g7sh24c2lkstvhcaa2oy4fswwtibbbsu4s6lyzmca._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220829-m2vfrahch8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of WriteProcessMemory
Downloads MZ/PE file
Unpacked files
SH256 hash:
e50d704ac52bb66fc8fae0b4b54a7538800d3b1c2cad69a0210ca9c97978cb04
MD5 hash:
dd63cc34192462ccbcdf6182c54756fc
SHA1 hash:
a7311cef83e8ed0e0f29ef04aef581e3deeb9ee7
Link:
https://www.unpac.me/results/615b9d25-0d6c-419a-8413-bac489ab2550/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e50d704ac52bb66fc8fae0b4b54a7538800d3b1c2cad69a0210ca9c97978cb04

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e50d704ac52bb66fc8fae0b4b54a7538800d3b1c2cad69a0210ca9c97978cb04

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2283208/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/302201/

Comments